CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-2668 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2668
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102682 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-2665 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2665
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102681 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •
CVSS: 6.1EPSS: 62%CPEs: 9EXPL: 0CVE-2018-5712 – php: Reflected XSS on PHAR 404 page
https://notcve.org/view.php?id=CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.33, versiones 7.0.x anteriores a la 7.0.27, versiones 7.1.x anteriores a la 7.1.13 y versiones 7.2.x anteriores a la 7.2.1. Hay XSS reflejado en la página de error PHAR 404 mediante el URI de una petición de un archivo .phar. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/102742 http://www.securityfocus.com/bid/104020 http://www.securitytracker.com/id/1040363 https://access.redhat.com/errata/RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=74782 https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html https://usn.ubuntu.com/3566-1 https://usn.ubuntu.com/3600-1 https:/&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.6EPSS: 97%CPEs: 1090EXPL: 3CVE-2017-5715 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. • https://www.exploit-db.com/exploits/43427 https://github.com/GalloLuigi/Analisi-CVE-2017-5715 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 97%CPEs: 1467EXPL: 3CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •